Computer Sciences Commons^™

Testing The Greenpass Wireless Security System, Kimberly S. Powell

Dartmouth College Undergraduate Theses

Greenpass, developed by Nick Goffee, Sung Hoon Kim, Meiyuan Zhao and John Marchesini under the supervision of Sean Smith and Punch Taylor, is a wireless security solution that implements SPKI/SDSI delegation on top of X.509 keypairs within the EAP-TLS authentication protocol. This system aims to model the decentralized way that authorization flows in real-world enterprise settings and provide a seamless solution that allows for easy access to all resources in the network by both registered users and authorized guests. These goals are achieved through the deployment of a delegation tool, which allows an active entity associated to the organization's network …

A Secure Network Node Approach To The Policy Decision Point In Distributed Access Control, Geoffrey H. Stowe

Dartmouth College Undergraduate Theses

To date, the vast majority of access control research and development has been on gathering, managing, and exchanging information about users. But an equally important component which has yet to be fully developed is the Policy Decision Point - the system that decides whether an access request should be granted given certain attributes of the requestor. This paper describes the research and implementation of a new PDP system for an undergraduate honors project. This PDP system employs three unique features which differentiate it from existing technology: collaboration capabilities, trusted management, and interoperability with other access control systems. Security considerations and …

Experimental Evaluation Of Wireless Simulation Assumptions, David Kotz, Calvin Newport, Robert S. Gray, Jason Liu, Yougu Yuan, Chip Elliott

Computer Science Technical Reports

All analytical and simulation research on ad~hoc wireless networks must necessarily model radio propagation using simplifying assumptions. Although it is tempting to assume that all radios have circular range, have perfect coverage in that range, and travel on a two-dimensional plane, most researchers are increasingly aware of the need to represent more realistic features, including hills, obstacles, link asymmetries, and unpredictable fading. Although many have noted the complexity of real radio propagation, and some have quantified the effect of overly simple assumptions on the simulation of ad~hoc network protocols, we provide a comprehensive review of six assumptions that are still …

Technological Implications For Privacy, David Kotz

Computer Science Technical Reports

The World-Wide Web is increasingly used for commerce and access to personal information stored in databases. Although the Web is ``just another medium'' for information exchange, the fact that all the information is stored in computers, and all of the activity happens in computers and computer networks, makes it easier (cheaper) than every to track users' activities. By recording and analyzing user's activities in the Web, activities that may seem to be quite private to many users, it is more likely than ever before that a person's privacy may be threatened. In this paper I examine some of the technology …

A Sensor-Fusion Approach For Meeting Detection, Jue Wang, Guanling Chen, David Kotz

Dartmouth Scholarship

In this paper we present a context-sensing component that recognizes meetings in a typical office environment. Our prototype detects the meeting start and end by combining outputs from pressure and motion sensors installed on the chairs. We developed a telephone controller application that transfers incoming calls to voice-mail when the user is in a meeting. Our experiments show that it is feasible to detect high-level context changes with “good enough” accuracy, using low-cost, off-the-shelf hardware, and simple algorithms without complex training. We also note the need for better metrics to measure context detection performance, other than just accuracy. We propose …

A Sensor Fusion Approach For Meeting Detection, Jue Wang, Guanling Chen, David Kotz

Dartmouth Scholarship

In this paper we present a context-sensing component that recognizes meetings in a typical office environment. Our prototype detects the meeting start and end by combining outputs from pressure and motion sensors installed on the chairs. We developed a telephone controller application that transfers incoming calls to voice-mail when the user is in a meeting. Our experiments show that it is feasible to detect high-level context changes with ``good enough'' accuracy, using low-cost, off-the-shelf hardware, and simple algorithms without complex training. We also note the need for better metrics to measure context detection performance, other than just accuracy. We propose …

Synchronizing Keyframe Facial Animation To Multiple Text-To-Speech Engines And Natural Voice With Fast Response Time, William H. Pechter

Dartmouth College Undergraduate Theses

This thesis aims to create an automated lip-synchronization system for real-time applications. Specifically, the system is required to be fast, consist of a limited number of keyframes with small memory requirements, and create fluid and believable animations that synchronize with text-to-speech engines as well as raw voice data. The algorithms utilize traditional keyframe animation and a novel method of keyframe selection. Additionally, phoneme-to-keyframe mapping, synchronization, and simple blending rules are employed. The algorithms provide blending between keyframe images, borrow information from neighboring phonemes, accentuate phonemes b, p and m, differentiate between keyframes for phonemes with allophonic variations, and provide prosodromic …

A Holesome File System, Darren Erik Vengroff, David Kotz

Computer Science Technical Reports

We present a novel approach to fully dynamic management of physical disk blocks in Unix file systems. By adding a single system call, zero, to an existing file system, we permit applications to create holes, that is, regions of files to which no physical disk blocks are allocated, far more flexibly than previously possible. zero can create holes in the middle of existing files. Using zero, it is possible to efficiently implement applications including a variety of databases and I/O-efficient computation systems on top of the Unix file system. zero can also be used to implement an efficient file-system-based paging …

Enhancing Expressiveness Of Speech Through Animated Avatars For Instant Messaging And Mobile Phones, Joseph E. Pechter

Dartmouth College Undergraduate Theses

This thesis aims to create a chat program that allows users to communicate via an animated avatar that provides believable lip-synchronization and expressive emotion. Currently many avatars do not attempt to do lip-synchronization. Those that do are not well synchronized and have little or no emotional expression. Most avatars with lip synch use realistic looking 3D models or stylized rendering of complex models. This work utilizes images rendered in a cartoon style and lip-synchronization rules based on traditional animation. The cartoon style, as opposed to a more realistic look, makes the mouth motion more believable and the characters more appealing. …

Dependency Management In Distributed Settings (Poster Abstract), Guanling Chen, David Kotz

Dartmouth Scholarship

Ubiquitous-computing environments are heterogeneous and volatile in nature. Systems that support ubicomp applications must be self-managed, to reduce human intervention. In this paper, we present a general service that helps distributed software components to manage their dependencies. Our service proactively monitors the liveness of components and recovers them according to supplied policies. Our service also tracks the state of components, on behalf of their dependents, and may automatically select components for the dependent to use based on evaluations of customized functions. We believe that our approach is flexible and abstracts away many of the complexities encountered in ubicomp environments. In …

Simulation Validation Using Direct Execution Of Wireless Ad-Hoc Routing Protocols, Jason Liu, Yougu Yuan, David M. Nicol, Robert S. Gray, Calvin C. Newport, David Kotz, Luiz Felipe Perrone

Dartmouth Scholarship

Computer simulation is the most common approach to studying wireless ad-hoc routing algorithms. The results, however, are only as good as the models the simulation uses. One should not underestimate the importance of \em validation, as inaccurate models can lead to wrong conclusions. In this paper, we use direct-execution simulation to validate radio models used by ad-hoc routing protocols, against real-world experiments. This paper documents a common testbed that supports direct execution of a set of ad-hoc routing protocol implementations in a wireless network simulator. The testbed reads traces generated from real experiments, and uses them to drive direct-execution implementations …

The Kerf Toolkit For Intrusion Analysis, Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Daniela Rus, Brett Tofel

Computer Science Technical Reports

We consider the problem of intrusion analysis and present the Kerf Toolkit, whose purpose is to provide an efficient and flexible infrastructure for the analysis of attacks. The Kerf Toolkit includes a mechanism for securely recording host and network logging information for a network of workstations, a domain-specific language for querying this stored data, and an interface for viewing the results of such a query, providing feedback on these results, and generating new queries in an iterative fashion. We describe the architecture of Kerf, present examples to demonstrate the power of our query language, and discuss the performance of our …

A Subgroup Algorithm To Identify Cross-Rotation Peaks Consistent With Non-Crystallographic Symmetry, Ryan H. Lilien, Chris Bailey-Kellogg, Amy C. Anderson, Bruce R. Donald

Dartmouth Scholarship

Molecular replacement (MR) often plays a prominent role in determining initial phase angles for structure determination by X-ray crystallography. In this paper, an efficient quaternion-based algorithm is presented for analyzing peaks from a cross-rotation function in order to identify model orientations consistent with proper non-crystallographic symmetry (NCS) and to generate proper NCS-consistent orientations missing from the list of cross-rotation peaks. The algorithm, CRANS, analyzes the rotation differences between each pair of cross-rotation peaks to identify finite subgroups. Sets of rotation differences satisfying the subgroup axioms correspond to orientations compatible with the correct proper NCS. The CRANS algorithm was first …

The Changing Usage Of A Mature Campus-Wide Wireless Network, Tristan Henderson, David Kotz, Ilya Abyzov

Computer Science Technical Reports

Wireless Local Area Networks (WLANs) are now common on academic and corporate campuses. As ``Wi-Fi'' technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslogs, telephone records, SNMP polling and tcpdump packet sniffing. This is the largest WLAN study to date, and the first to look at a large, mature WLAN and consider geographic mobility. We compare this trace to a trace taken …

Parallel Out-Of-Core Sorting: The Third Way, Geeta Chaudhry

Dartmouth College Ph.D Dissertations

Sorting very large datasets is a key subroutine in almost any application that is built on top of a large database. Two ways to sort out-of-core data dominate the literature: merging-based algorithms and partitioning-based algorithms. Within these two paradigms, all the programs that sort out-of-core data on a cluster rely on assumptions about the input distribution. We propose a third way of out-of-core sorting: oblivious algorithms. In all, we have developed six programs that sort out-of-core data on a cluster. The first three programs, based completely on Leighton's columnsort algorithm, have a restriction on the maximum problem size that they …

Identification Of Novel Small Molecule Inhibitors Of Core-Binding Factor Dimerization By Computational Screening Against Nmr Molecular Ensemble, Ryan H. Lilien, Mohini Sridharan, Bruce R. Donald

Computer Science Technical Reports

The long development process of novel pharmaceutical compounds begins with the identification of a lead inhibitor compound. Computational screening to identify those ligands, or small molecules, most likely to inhibit a target protein may benefit the pharmaceutical development process by reducing the time required to identify a lead compound. Typically, computational ligand screening utilizes high-resolution structural models of both the protein and ligand to fit or `dock' each member of a ligand database into the binding site of the protein. Ligands are then ranked by the number and quality of interactions formed in the predicted protein-ligand complex. It is currently …

A Meeting Detector And Its Applications, Jue Wang, Guanling Chen, David Kotz

Computer Science Technical Reports

In this paper we present a context-sensing component that recognizes meetings in a typical office environment. Our prototype detects the meeting start and end by combining outputs from pressure and motion sensors installed on the chairs. We developed a telephone controller application that transfers incoming calls to voice-mail when the user is in a meeting. Our experiments show that it is feasible to detect high-level context changes with ``good enough'' accuracy, using low-cost, off-the-shelf hardware, and simple algorithms without complex training. We also note the need for better metrics to measure context detection performance, other than just accuracy. We propose …

Dependency Management In Distributed Settings, Guanling Chen, David Kotz

Computer Science Technical Reports

Ubiquitous-computing environments are heterogeneous and volatile in nature. Systems that support ubicomp applications must be self-managed, to reduce human intervention. In this paper, we present a general service that helps distributed software components to manage their dependencies. Our service proactively monitors the liveness of components and recovers them according to supplied policies. Our service also tracks the state of components, on behalf of their dependents, and may automatically select components for the dependent to use based on evaluations of customized functions. We believe that our approach is flexible and abstracts away many of the complexities encountered in ubicomp environments. In …

Evaluating Location Predictors With Extensive Wi-Fi Mobility Data, Libo Song, David Kotz, Ravi Jain, Xiaoning He

Dartmouth Scholarship

Location is an important feature for many applications, and wireless networks can better serve their clients by anticipating client mobility. As a result, many location predictors have been proposed in the literature, though few have been evaluated with empirical evidence. This paper reports on the results of the first extensive empirical evaluation of location predictors, using a two-year trace of the mobility patterns of over 6,000 users on Dartmouth's campus-wide Wi-Fi wireless network. \par We implemented and compared the prediction accuracy of several location predictors drawn from two major families of domain-independent predictors, namely Markov-based and compression-based predictors. We found …

Keyjacking: The Surprising Insecurity Of Client-Side Ssl, John Marchesini, S W. Smith, Meiyuan Zhao

Computer Science Technical Reports

In theory, PKI can provide a flexible and strong way to authenticate users in distributed information systems. In practice, much is being invested in realizing this vision via client-side SSL and various client keystores. However, whether this works depends on whether what the machines do with the private keys matches what the humans think they do: whether a server operator can conclude from an SSL request authenticated with a user's private key that the user was aware of and approved that request. Exploring this vision, we demonstrate via a series of experiments that this assumption does not hold with standard …

A Case Study Of Four Location Traces, Guanling Chen, David Kotz

Computer Science Technical Reports

Location is one of the most important context information that an ubiquitous-computing application may leverage. Thus understanding the location systems and how location-aware applications interact with them is critical for design and deployment of both the location systems and location-aware applications. In this paper, we analyze a set of traces collected from two small-scale one-building location system and two large-scale campus-wide location systems. Our goal is to study characteristics of these location systems ant how these factors should be taken into account by a potentially large number of location-aware applications with different needs. We make empirical measurements of several important …

Application-Controlled Loss-Tolerant Data Dissemination, Guanling Chen, David Kotz

Computer Science Technical Reports

Reactive or proactive mobile applications require continuous monitoring of their physical and computational environment to make appropriate decisions in time. These applications need to monitor data streams produced by sensors and react to changes. When mobile sensors and applications are connected by low-bandwidth wireless networks, sensor data rates may overwhelm the capacity of network links or of the applications. In traditional networks and distributed systems, flow-control and congestion-control policies either drop data or force the sender to pause. When the data sender is sensing the physical environment, however, a pause is equivalent to dropping data. Arbitrary data drops are not …

Greenpass: Flexible And Scalable Authorization For Wireless Networks, Sean Smith, Nicholas C. Goffee, Sung Hoon Kim, Punch Taylor, Meiyuan Zhao, John Marchesini

Computer Science Technical Reports

Wireless networks break the implicit assumptions that supported authorization in wired networks (that is: if one could connect, then one must be authorized). However, ensuring that only authorized users can access a campus-wide wireless network creates many challenges: we must permit authorized guests to access the same network resources that internal users do; we must accommodate the de-centralized way that authority flows in real universities; we also must work within standards, and accommodate the laptops and systems that users already have, without requiring additional software or plug-ins.

This paper describes our ongoing project to address this problem, using SPKI/SDSI delegation …

Access Control In A Distributed Decentralized Network: An Xml Approach To Network Security Using Xacml And Saml, Paul J. Mazzuca

Dartmouth College Undergraduate Theses

The development of eXtensible Distributed Access Control (XDAC) systems is influenced by the transference of data access and storage from the local computer to the network. In this distributed system, access control is determined by independent components which transmit requests and decisions over a network, utilizing XML signing capabilities found in the Security Assertion Markup Language (SAML). All resources in the XDAC system are protected by the first component, a Policy Enforcement Point (PEP), which acts as the main divider between the requesting entity and the requested resource. The PEP grants access to a resource only if the second component, …

Using Spki/Sdsi For Distributed Maintenance Of Attribute Release Policies In Shibboleth, Sidharth Nazareth, Sean W. Smith

Computer Science Technical Reports

The Shibboleth middleware from Internet2 provides a way for users at higher-education institutions to access remote electronic content in compliance with the inter-institutional license agreements that govern such access. To protect end-user privacy, Shibboleth permits users to construct attribute release policies that control what user credentials a given content provider can obtain. However, Shibboleth leaves unspecified how to construct these policies. To be effective, a solution needs to accommodate the typical nature of a university: a set of decentralized fiefdoms. This need argues for a public-key infrastructure (PKI) approach---since public-key cryptography does not require parties to agree on a secret …